Security and Safe Computing
Read information on IT security including the ability to report a security incident and how to protect yourself.
A Secure Sockets Layer (SSL) certificate is a signed electronic guarantee that verifies the authenticity of a particular server. It is used for providing webpages through an encrypted connection. This service includes processing, ordering, renewal monitoring and notification.
The iAM web service provides users the ability to self-service several account functions. These functions include password change, email routing and preferred email address and display name selection. Note: If you have recently changed your password, forget and re-add all UofM wireless networks on all your devices. For more help connecting to on-campus wireless networks, visit our wireless page.
Duo Account Security or two-factor authentication adds a second layer of security to your online accounts. Verifying your identity using a second factor prevents anyone but you from logging in, even if they know your password.
Note: Access to this service may be limited in compliance with sanctions announced by the Office of Foreign Assets Control.
The Phish Alert Button (PAB) allows users to report suspected phishing emails easily and safely. It appears in all Outlook platforms: desktop apps, mobile apps, and Outlook Web Access (OWA).
Your password, along with your Universal User ID (UUID), grants access to all the
University's computing resources and online services. This account password should
be unique from every other password you use.
Note: If you have recently changed your password, forget and re-add all UofM wireless networks on all your devices. For more help connecting to on-campus wireless networks, visit our wireless page.
Please report technology related security incidents to ITS for further investigation.
Security incidents include:
• Denial of Service - An attack that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources
• Malicious Code - A virus, worm, Trojan horse, or other code-based malicious entity that successfully infects a host
• Unauthorized Access - A person gains logical/physical access without permission to a network, system, application, data, or other IT resource
• Inappropriate Usage - A person violates acceptable use of any network or computer policies
• Compromised Personally Identifiable Information (PII) - Information that can be used to uniquely identify, contact, or locate a single person
or that can be used with other sources to uniquely identify a single individual
Security Awareness Training provides important information to clients to educate them about potential security issues. This training also helps to provide an awareness of University security policies.
Single Sign-On allows users to access technology resources and services across University systems using a single UUID and password. SSO is centrally maintained to provide both SAML- and CAS-compliant authentication services that limit reuse and exposure to user credentials by multiple services.
Suspicious activity (e.g., unexpected DUO prompts or account notifications, replies to emails the user did not send) may suggest that an account has been inappropriately accessed by someone other than the account owner or that an attacker is attempting to gain such unauthorized access. Remember, never share your password with anyone or enter it on unfamiliar webpages. ITS will never ask for your password via email or phone.
A Virtual Private Network (VPN) is used to securely access University network resources, such as umApps and remote desktop, from the internet.